Cyber Web Spider Blog – News
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Posted on October 30, 2025 By CWS

Oct 30, 2025Ravie LakshmananDevSecOps / Software program Safety
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines.
The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first packages were uploaded to the registry. It has since ballooned to a total of 126 npm libraries, attracting more than 86,000 installs.

Some of the packages have also been flagged by the DevSecOps company DCODX –

op-cli-installer (486 Downloads)
unused-imports (1,350 Downloads)
badgekit-api-client (483 Downloads)
polyfill-corejs3 (475 Downloads)
eslint-comments (936 Downloads)

What makes the attack stand out is the attacker's pattern of hiding the malicious code in dependencies by pointing to a custom HTTP URL, causing npm to fetch them from an untrusted site (in this case, "packages.storeartifact[.]com") instead of npmjs[.]com every time a package is installed.
"And npmjs[.]com doesn't follow these URLs," security researcher Oren Yomtov said in a report shared with The Hacker News. "Security scanners don't fetch them. Dependency analysis tools ignore them. To every automated security system, these packages show '0 Dependencies.'"

More worryingly, the fact that the URL is attacker-controlled means that it can be abused by the bad actor to tailor their payloads and serve any kind of malware, and to make it more stealthy by initially serving completely harmless code before pushing a malicious version of the dependency once the package gains broader adoption.
The attack chain kicks off as soon as a developer installs one of the "benign" packages, which, in turn, leads to the retrieval of the remote dynamic dependency (RDD) from the external server. The malicious package comes with a preinstall hook that triggers the execution of the main payload.
The malware is designed to scan the developer environment for email addresses, gather information about the CI/CD environment, collect a system fingerprint, including the public IP address, and exfiltrate the results to a remote server.

Koi Security said the choice of the package names is not random, and that the threat actor has resorted to capitalizing on a phenomenon called slopsquatting – where large language models (LLMs) hallucinate non-existent but plausible-sounding package names – in order to register those packages.
"PhantomRaven demonstrates how sophisticated attackers are getting [better] at exploiting blind spots in traditional security tooling," Yomtov said. "Remote Dynamic Dependencies aren't visible to static analysis. AI hallucinations create plausible-sounding package names that developers trust. And lifecycle scripts execute automatically, without any user interaction."
The development once again illustrates how threat actors are finding novel ways to hide malicious code in open-source ecosystems and fly under the radar.
"The npm ecosystem allows easy publishing and low friction for packages," DCODX said. "Lifecycle scripts (preinstall, install, postinstall) execute arbitrary code at install time, often without developer awareness."
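The two blind spots described above, dependency specs that are URLs rather than registry versions and lifecycle scripts that run at install time, can both be checked for in a package manifest before anything is installed. The following Node.js script is an added example, not code from the article, Koi Security or DCODX; the package names, host name and scripts in the sample manifest are constructed placeholders.

```javascript
// Added example: audit a package.json for "remote dynamic dependencies"
// (specs npm would fetch from a URL instead of the registry) and for
// lifecycle scripts that execute at install time. Sample data is constructed.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Specs that make npm fetch from somewhere other than the configured registry.
// Registry aliases such as "npm:name@1.0.0" are deliberately not matched.
const REMOTE_SPEC = /^(https?:\/\/|git(\+\w+)?:\/\/|ssh:\/\/|github:|gitlab:|bitbucket:|file:)|\.tgz$/i;

function findRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec === 'string' && REMOTE_SPEC.test(spec)) {
        findings.push({ field, name, spec });
      }
    }
  }
  return findings;
}

function findInstallHooks(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '');
}

function auditPackage(pkg) {
  const remote = findRemoteDependencies(pkg);
  const hooks = findInstallHooks(pkg);
  return { remote, hooks, suspicious: remote.length > 0 || hooks.length > 0 };
}

// Constructed manifest resembling the pattern in the article: one dependency
// resolved over plain HTTP from a non-registry host (placeholder domain) and a
// preinstall hook. Static tools that only count registry deps would see none.
const SAMPLE_PACKAGE = {
  name: 'example-plausible-name',
  version: '1.0.0',
  dependencies: {
    lodash: '^4.17.21',
    'helper-lib': 'http://packages.placeholder-host.invalid/helper-lib-1.0.0.tgz',
  },
  devDependencies: { eslint: '~9.0.0' },
  scripts: { preinstall: 'node setup.js', test: 'jest' },
};

console.log(JSON.stringify(auditPackage(SAMPLE_PACKAGE), null, 2));
```

Running the audit on a lockfile-free manifest in CI, and installing with `npm install --ignore-scripts` where lifecycle scripts are not needed, removes the two automatic steps the campaign relies on.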
